HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........

2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1 | * | 6

Timestamp: 2017-02-15T00:35:43.051387-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET EXPLOIT CVE-2016-0189 Common Construct M2
Alert Category: Attempted User Privilege Gain
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2022972
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........

2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2 | * | 7

Timestamp: 2017-02-15T00:35:43.051387-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2
Alert Category: A Network Trojan was Detected
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2024169
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........

2017-02-15T00:35:43.051387-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 | * | 8

Timestamp: 2017-02-15T00:35:43.051387-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET CURRENT_EVENTS CVE-2016-0189 Exploit
Alert Category: A Network Trojan was Detected
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2024676
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'....

2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M1 | * | 11

Timestamp: 2017-02-15T00:35:43.335813-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET EXPLOIT CVE-2016-0189 Common Construct M2
Alert Category: Attempted User Privilege Gain
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2022972
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'....

2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET EXPLOIT CVE-2016-0189 Common Construct M2 | * | 12

Timestamp: 2017-02-15T00:35:43.335813-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2
Alert Category: A Network Trojan was Detected
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2024169
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'....

2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 | * | 13

Timestamp: 2017-02-15T00:35:43.335813-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET CURRENT_EVENTS CVE-2016-0189 Exploit
Alert Category: A Network Trojan was Detected
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2024676
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'....

2017-02-15T00:35:43.335813-0800 | 13.76.98.135 | 192.168.30.129 | ET CURRENT_EVENTS CVE-2016-0189 Exploit | * | 14

Timestamp: 2017-02-15T00:35:43.801674-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET POLICY PE EXE or DLL Windows file download HTTP
Alert Category: Potential Corporate Privacy Violation
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2018959
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'.....Gm.SF..B!.]Z{...!..;......D....6&c.!..4..(.T=Y.yJ..m*.j....P..|
9.W.[.u..O.....U2
92.)4I..zQ.I.G....'.).........F.)
.bF..-...N..Ic.9.4,..q:..k...X....Q...Xm..Y.M.%
0...j....T.............r@y.Ee.B.....8....i..t...t.<...n\.zV...D.8Q%....+.....jc,KE]M.5.gL..*5..[z.jt .N...2...,....%S.......F}.).\.0I......F..GA.=P&X.....:...
.?`...9b1.%.i..Dp;K)...%:...........e~... .I.8.A
H..Ej[o.L..w....W.7z.4I....Wxnt.@A.S.J...........B.{z..k.=.RC...........n4........,es.....=}.......uLP....{..U....*+..S......j.......R....CF.....e...}.C@."...........FW.~.G.M..+K.......j...(&4...=.!..XP.'S.....E.<.%.....`..sok[!.7q...J..DYS^.V...z2C+...d>..1x..
.......7QG...~.5a.a.kb...A...F...=...IC.C....@g.S..n......._ .v...d.".&.e.....G]..K.....b....G....X...9....z..:..up4._k.3D.....Q..........@n
.../.8....Hi.....y.<p/I....xC.F.x...`.K....C..o.......f....Ql.)..?&...b...`.<N...rO..;Ne.....w..5t.!.... Z...d3.?.I......k.....v'.. ..t.$.w.PV......i....._..T.<...&..f..[....7..!.WTF......".C9...j&...0yP.5s...!..}......a...a`o...9.....z|
.n..4|..9t.).i.......o.....6.R3"&G...v.o.1`~.5.".cJ.K@..SM............\;."....Iy....~...2I.[G....>6QO..J4.c1e8oK.*.......okD...]e.MIq....i.....@p..O<.`}...2..+{...O'..p>....?V........+.8.....Oi.JW.;.F1...[+.2.Y..g........).:..\.l(...c....pW........@$.....1.....F.}..*;s...w...._.t..%.Y._....[.9.E...g....l....s.c+14;.Vp....X.@x...;n.J
.G.mr..5'...L.......7o.5g.pNl......Fs.|%..j..&..C..M.E8..s%g.q.......:\x.qw..Y.f......6.....7.j..B.[....~.".....p>7)]....~.O....7}.v...Yy[.]m.......Z...;.8.5...*....fY...|...{.Qn.O)\....
.(...cc..<....@....B.,e)..|......Mi.>.7.....C.3JwK.%K....t....N.!L...............4../b+K}.......8.z..E..m..s.:/...^{.9<.........Y$.-...Zk/.....T.i..\.]#.5..z..k.)......]*C]E......C>.J.5.:.....t..z.
........HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
...........Y[o.6.~/...
......d...$..;m...{6.l..Y.m...R.cw6.}..$K.('....._.s..|..>Y.Ut..w'K......#K!....,\.Z.....g....,...Y,h,N...i.g!S....`.......a"..&...t#..Y.f.$......S.1/..#..[../.=]..a]........M.'.....4\Q..]Ln.......i....Y....."...6.h.!....NE.OIFN.ei[..1...I.Kc....`Q@.....o..r^.s.4.....V.!.%....!9..l...Z.....(V.o ..
...?F.M....9F....(.z.
Z}7.f.w.....G.&.p>.....).A..n]y..fA8.i...S....9. ....J^..b=Z..R...'...l'....

2017-02-15T00:35:43.801674-0800

13.76.98.135

192.168.30.129

ET POLICY PE EXE or DLL Windows file download HTTP

*

15

Timestamp: 2017-02-15T00:35:43.801674-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Alert Category: Misc activity
Alert Severity: 3
Alert Gid: 1
Alert Signature Id: 2015744
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body, cut off where the captured payload ends: non-printable bytes rendered as "." by the sensor; not reproduced here]

2017-02-15T00:35:43.801674-0800

13.76.98.135

192.168.30.129

ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)

*

16

Timestamp: 2017-02-15T00:35:44.734213-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Alert Category: Misc activity
Alert Severity: 3
Alert Gid: 1
Alert Signature Id: 2015744
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body, cut off where the captured payload ends: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body, cut off where the captured payload ends: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body, cut off where the captured payload ends: non-printable bytes rendered as "." by the sensor; not reproduced here]

2017-02-15T00:35:49.894159-0800

13.76.98.135

192.168.30.129

ET EXPLOIT CVE-2016-0189 Common Construct M1

*

19

Timestamp: 2017-02-15T00:35:49.894159-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET EXPLOIT CVE-2016-0189 Common Construct M2
Alert Category: Attempted User Privilege Gain
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2022972
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body, cut off where the captured payload ends: non-printable bytes rendered as "." by the sensor; not reproduced here]

2017-02-15T00:35:49.894159-0800

13.76.98.135

192.168.30.129

ET EXPLOIT CVE-2016-0189 Common Construct M2

*

20

Timestamp: 2017-02-15T00:35:49.894159-0800
Flow Id: 1069734936089547
Source IP: 13.76.98.135
Source Port: 80
Destination IP: 192.168.30.129
Destination Port: 50335
Protocol: TCP
Alert Signature: ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2
Alert Category: A Network Trojan was Detected
Alert Severity: 1
Alert Gid: 1
Alert Signature Id: 2024169
Payload Printable:

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body: non-printable bytes rendered as "." by the sensor; not reproduced here]

HTTP/1.1 200 OK
Date: Wed, 15 Feb 2017 09:33:26 GMT
Server: Apache/2.4.18
X-Disclaimer: The software in this package is part of the X-Maya 6 (2017), developed by CyberSecurity Malaysia. By using this software, you are granted the right to copy and modify the software, but not to distribute the software. Cybersecurity Malaysia shall not be liable to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2162
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
[gzip-compressed response body, cut off where the captured payload ends: non-printable bytes rendered as "." by the sensor; not reproduced here]